I don't think that watching/reading #hacking tutorials and collecting BB tips in Twitter or any other social media will make you UNDERSTAND what you are doing and why that happens. Build a solid foundation with PROGRAMMING, NETWORKING, PROTOCOLS and OPERATING SYSTEMS first.

Copy+Paste issue!. When pasting it be aware that "l .search" here became " http://l .search".

Join millions who have switched to Grok.

I'm just 1 click away from knowing if there's a WAF (and which one) with my super simple "WAFme" bookmarklet. JavaScript:w='?j=<script>&';l=location;q=w;if(q=replace('?',w);location=' https://'+l.hostname+l.pathname+q+l.hash. #XSS

That JavaScript scenario is full of tricks.

That's why I say I'm an artist, not a hacker:. I depend on inspiration to work.

RT @RodoAssis: Hey bug hunter! . Do you have a WAF or any other filter in your way?. Let's COLLABORATE! 🤩. Any bug, 50/50 just DM me with d….

Hey bug hunter! . Do you have a WAF or any other filter in your way?. Let's COLLABORATE! 🤩. Any bug, 50/50 just DM me with details. #hack2learn

Another day, another way to bypass a WAF. Stay tuned, I'm documenting them all!.

RT @KN0X55: We just published our 1st blog post! . We hope to be just the beginning of everything #XSS related we know. Check it out! 😉….

Change the world (for the better) or die trying?.

If you blindly trust LLMs like chatGPT, Claude or Gemini you are smart as they are. Check my chat with Claude starting with "XSS Filter Bypass" but ending up on how absolutely useless it is for anything serious. Claude is considered to be "very smart".

It's super hard to take care of 50+ cats and dogs every single day, you have no idea.

RT @KN0X55: Top 10 #XSS Payloads.By @RodoAssis . #BugBounty #PenTesting.

What's wrong here? . Try to PoC a XSS using ALert(1) instead of alert(1)!. Bypassing a filter with incorrect syntax is not a bypass.

Just found that in a serious, academic whitepaper. 🤦

Imperva guys fix their WAF so badly that you just need to change the order of the attributes in the previous bypass and it works. 🤪

Why this is important?. Unless you test every entry point w/ something like alert(1) exactly that way, no quotes, nothing, you won't be able to spot eval() like scenarios w/ a regular #XSS vector like <Img/Src/OnError=alert(1)>. Unless you read all the JS source code, of course.

RT @RodoAssis: Between white and black, there's a lot of grey. #Hacking . That's something you learn in LIFE itself. #hack2learn https://t.….

Between white and black, there's a lot of grey. #Hacking . That's something you learn in LIFE itself. #hack2learn